Compare commits
6 Commits
66a965e466
...
bdd7f98379
Author | SHA1 | Date | |
---|---|---|---|
bdd7f98379 | |||
|
ba1737a1fa | ||
|
a878cbd4f2 | ||
|
63bb4d160f | ||
|
f9b16207d8 | ||
|
75a4b60f57 |
3
.gitignore
vendored
3
.gitignore
vendored
@ -1,10 +1,11 @@
|
|||||||
.apt-mirror-config
|
.apt-mirror-config
|
||||||
.customDocker.sh
|
.customDocker.sh
|
||||||
|
.customVM.sh
|
||||||
.proxy-config
|
.proxy-config
|
||||||
.vagrant
|
.vagrant
|
||||||
DEADJOE
|
DEADJOE
|
||||||
Vagrantfile
|
|
||||||
/files/log
|
/files/log
|
||||||
/files/kaz/download
|
/files/kaz/download
|
||||||
/files/kaz/git
|
/files/kaz/git
|
||||||
/files/kaz/log
|
/files/kaz/log
|
||||||
|
/files/customVM.sh
|
||||||
|
14
README.md
14
README.md
@ -20,10 +20,6 @@ Nous utilisons :
|
|||||||
|
|
||||||
Vous avez besoin de [vagrant](https://www.vagrantup.com/), [VirtualBox](https://www.virtualbox.org/) et éventuellement git.
|
Vous avez besoin de [vagrant](https://www.vagrantup.com/), [VirtualBox](https://www.virtualbox.org/) et éventuellement git.
|
||||||
|
|
||||||
UDP/53 ne doit pas être filtré depuis votre poste (par un firewall d'entreprise par exemple). Pour tester:
|
|
||||||
```bash
|
|
||||||
# dig @80.67.169.12 www.kaz.bzh
|
|
||||||
```
|
|
||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
@ -34,18 +30,14 @@ git clone git+ssh://git@git.kaz.bzh:2202/KAZ/kaz-vagrant.git # pour contribuer
|
|||||||
cd kaz-vagrant/
|
cd kaz-vagrant/
|
||||||
git switch develop-snster # dans les 2 cas
|
git switch develop-snster # dans les 2 cas
|
||||||
```
|
```
|
||||||
* Personalisez votre simulateur avec la commande (au besoin ajustez la mémoire et les cpus utilisés dans Vagrantfile) :
|
* (Optionnel) Ajustez éventuellement la mémoire et les cpus utilisés dans Vagrantfile (par défaut 4GB et 2 vCPUs)
|
||||||
```bash
|
|
||||||
vagrant plugin install vagrant-disksize
|
|
||||||
vagrant plugin install vagrant-vbguest
|
|
||||||
./init.sh # vous pouvez laisser les choix par défaut
|
|
||||||
```
|
|
||||||
* Pour créer tout l'univers Kaz il faut se placer dans le répertoire et lancer la commande :
|
* Pour créer tout l'univers Kaz il faut se placer dans le répertoire et lancer la commande :
|
||||||
```bash
|
```bash
|
||||||
vagrant up
|
vagrant up
|
||||||
```
|
```
|
||||||
|
|
||||||
Cette étape peut-être (très) longue. Notamment, la construction de kaz-prod se fait dans un conteneur LXC, dans lequel les overlays docker passent par un filesystem FUSE beaucoup plus lent qu'en natif...
|
Cette étape peut-être (très) longue. Notamment, la construction de kaz-prod se fait dans un conteneur LXC, dans lequel les overlays docker passent par un filesystem plus lent qu'en natif... Comptez entre 40 minutes et quelques heures, selon la connexion réseau et les performances de la machine.
|
||||||
|
|
||||||
|
|
||||||
## Mise au point
|
## Mise au point
|
||||||
|
50
Vagrantfile
vendored
Normal file
50
Vagrantfile
vendored
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
# coding: utf-8
|
||||||
|
# -*- mode: ruby -*-
|
||||||
|
# vi: set ft=ruby :
|
||||||
|
|
||||||
|
unless Vagrant.has_plugin?("vagrant-disksize")
|
||||||
|
raise Vagrant::Errors::VagrantError.new, "vagrant-disksize plugin is missing. Please install it using 'vagrant plugin install vagrant-disksize' and rerun 'vagrant up'"
|
||||||
|
end
|
||||||
|
|
||||||
|
# All Vagrant configuration is done below. The "2" in Vagrant.configure
|
||||||
|
# configures the configuration version (we support older styles for
|
||||||
|
# backwards compatibility). Please don't change it unless you know what
|
||||||
|
# you're doing.
|
||||||
|
Vagrant.configure("2") do |config|
|
||||||
|
|
||||||
|
required_plugins = %w( vagrant-vbguest vagrant-disksize )
|
||||||
|
_retry = false
|
||||||
|
required_plugins.each do |plugin|
|
||||||
|
unless Vagrant.has_plugin? plugin
|
||||||
|
system "vagrant plugin install #{plugin}"
|
||||||
|
_retry=true
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
if (_retry)
|
||||||
|
exec "vagrant " + ARGV.join(' ')
|
||||||
|
end
|
||||||
|
|
||||||
|
config.vm.box = "debian/bullseye64"
|
||||||
|
config.vm.hostname = 'kaz-vm'
|
||||||
|
config.disksize.size = '32GB'
|
||||||
|
|
||||||
|
config.vm.provider "virtualbox" do |vb|
|
||||||
|
vb.memory = "4096"
|
||||||
|
vb.cpus = "2"
|
||||||
|
vb.name = "kaz-vm"
|
||||||
|
vb.customize ["modifyvm", :id, "--vram", "64", "--clipboard-mode", "bidirectional", '--graphicscontroller', 'vmsvga', '--natnet1', '192.168.64.0/24']
|
||||||
|
vb.gui = true
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
#permet d'avoir un répertoire partagé entre la VM et le host
|
||||||
|
config.vm.synced_folder "/tmp/", "/tmp_host"
|
||||||
|
config.vm.synced_folder "files/", "/root/kaz-vagrant"
|
||||||
|
|
||||||
|
config.vm.provision "shell" do |s|
|
||||||
|
s.inline = "/vagrant/files/vm-provision.sh"
|
||||||
|
s.env = {"KAZGUARD" => "true", "HOSTLANG" => ENV['LANG'], "NOKAZ" => ENV['NOKAZ'], "KAZBRANCH" => ENV['KAZBRANCH']}
|
||||||
|
end
|
||||||
|
end
|
@ -1,95 +0,0 @@
|
|||||||
# coding: utf-8
|
|
||||||
# -*- mode: ruby -*-
|
|
||||||
# vi: set ft=ruby :
|
|
||||||
|
|
||||||
unless Vagrant.has_plugin?("vagrant-disksize")
|
|
||||||
raise Vagrant::Errors::VagrantError.new, "vagrant-disksize plugin is missing. Please install it using 'vagrant plugin install vagrant-disksize' and rerun 'vagrant up'"
|
|
||||||
end
|
|
||||||
|
|
||||||
# All Vagrant configuration is done below. The "2" in Vagrant.configure
|
|
||||||
# configures the configuration version (we support older styles for
|
|
||||||
# backwards compatibility). Please don't change it unless you know what
|
|
||||||
# you're doing.
|
|
||||||
Vagrant.configure("2") do |config|
|
|
||||||
|
|
||||||
required_plugins = %w( vagrant-vbguest vagrant-disksize )
|
|
||||||
_retry = false
|
|
||||||
required_plugins.each do |plugin|
|
|
||||||
unless Vagrant.has_plugin? plugin
|
|
||||||
system "vagrant plugin install #{plugin}"
|
|
||||||
_retry=true
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
if (_retry)
|
|
||||||
exec "vagrant " + ARGV.join(' ')
|
|
||||||
end
|
|
||||||
|
|
||||||
config.vm.box = "debian/bullseye64"
|
|
||||||
config.vm.hostname = 'kaz-vm'
|
|
||||||
config.disksize.size = '32GB'
|
|
||||||
|
|
||||||
# Disable automatic box update checking. If you disable this, then
|
|
||||||
# boxes will only be checked for updates when the user runs
|
|
||||||
# `vagrant box outdated`. This is not recommended.
|
|
||||||
# config.vm.box_check_update = false
|
|
||||||
|
|
||||||
# Create a forwarded port mapping which allows access to a specific port
|
|
||||||
# within the machine from a port on the host machine. In the example below,
|
|
||||||
# accessing "localhost:8080" will access port 80 on the guest machine.
|
|
||||||
# config.vm.network "forwarded_port", guest: 80, host: 8080
|
|
||||||
|
|
||||||
# Create a private network, which allows host-only access to the machine
|
|
||||||
# using a specific IP.
|
|
||||||
# config.vm.network "private_network", ip: "192.168.33.10"
|
|
||||||
|
|
||||||
# Create a public network, which generally matched to bridged network.
|
|
||||||
# Bridged networks make the machine appear as another physical device on
|
|
||||||
# your network.
|
|
||||||
# config.vm.network "public_network"
|
|
||||||
|
|
||||||
# Share an additional folder to the guest VM. The first argument is
|
|
||||||
# the path on the host to the actual folder. The second argument is
|
|
||||||
# the path on the guest to mount the folder. And the optional third
|
|
||||||
# argument is a set of non-required options.
|
|
||||||
# config.vm.synced_folder "data", "/vagrant_data"
|
|
||||||
# config.vm.synced_folder "..", "/root/mi-lxc", create:true, type:"rsync",
|
|
||||||
# rsync__exclude: [".git/", "zzlocal/", "vagrant/"]
|
|
||||||
|
|
||||||
# Provider-specific configuration so you can fine-tune various
|
|
||||||
# backing providers for Vagrant. These expose provider-specific options.
|
|
||||||
# Example for VirtualBox:
|
|
||||||
#
|
|
||||||
config.vm.provider "virtualbox" do |vb|
|
|
||||||
# # Display the VirtualBox GUI when booting the machine
|
|
||||||
# vb.gui = true
|
|
||||||
#
|
|
||||||
# # Customize the amount of memory on the VM:
|
|
||||||
vb.memory = "4096"
|
|
||||||
vb.cpus="2"
|
|
||||||
vb.name = "kaz-vm"
|
|
||||||
vb.customize ["modifyvm", :id, "--vram", "64", "--clipboard-mode", "bidirectional", '--graphicscontroller', 'vmsvga', '--natnet1', '192.168.64.0/24']
|
|
||||||
vb.gui = true
|
|
||||||
|
|
||||||
end
|
|
||||||
|
|
||||||
# Define a Vagrant Push strategy for pushing to Atlas. Other push strategies
|
|
||||||
# such as FTP and Heroku are also available. See the documentation at
|
|
||||||
# https://docs.vagrantup.com/v2/push/atlas.html for more information.
|
|
||||||
# config.push.define "atlas" do |push|
|
|
||||||
# push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME"
|
|
||||||
# end
|
|
||||||
|
|
||||||
# Enable provisioning with a shell script. Additional provisioners such as
|
|
||||||
# Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
|
|
||||||
# documentation for more information about their specific syntax and use.
|
|
||||||
|
|
||||||
#permet d'avoir un répertoire partagé entre la VM et le host
|
|
||||||
config.vm.synced_folder "/tmp/", "/tmp_host"
|
|
||||||
config.vm.synced_folder "files/", "/root/kaz-vagrant"
|
|
||||||
|
|
||||||
config.vm.provision "shell" do |s|
|
|
||||||
s.inline = "/vagrant/files/vm-provision.sh"
|
|
||||||
s.env = {"KAZGUARD" => "true", "HOSTLANG" => ENV['LANG'], "NOKAZ" => ENV['NOKAZ'], "KAZBRANCH" => ENV['KAZBRANCH']}
|
|
||||||
end
|
|
||||||
end
|
|
@ -18,7 +18,7 @@ DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
|
|||||||
# KAZ specific things
|
# KAZ specific things
|
||||||
#installation de docker, docker-compose et on y fourre le user debian dans le groupe idoine
|
#installation de docker, docker-compose et on y fourre le user debian dans le groupe idoine
|
||||||
|
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get install -y docker.io docker-compose docker-clean git apg curl sudo unzip rsync btrfs-progs ldap-utils # fuse-overlayfs
|
DEBIAN_FRONTEND=noninteractive apt-get install -y docker.io docker-compose docker-clean git apg curl sudo unzip rsync btrfs-progs ldap-utils # fuse-overlayfs
|
||||||
usermod -G docker debian
|
usermod -G docker debian
|
||||||
# activation dans alias dans /root/.bashrc
|
# activation dans alias dans /root/.bashrc
|
||||||
sed -i \
|
sed -i \
|
||||||
@ -80,6 +80,27 @@ fi
|
|||||||
echo -e '#!/bin/sh\n/kaz/bin/container.sh start' >> /etc/rc.local
|
echo -e '#!/bin/sh\n/kaz/bin/container.sh start' >> /etc/rc.local
|
||||||
chmod +x /etc/rc.local
|
chmod +x /etc/rc.local
|
||||||
|
|
||||||
|
# On sauve le proxy APT
|
||||||
|
proxy=$(/sbin/ip route | awk '/default/ { print $3 }' | head -1)
|
||||||
|
sed -i -e "s/^proxy.*$/proxy=$proxy/" /usr/local/sbin/detect_proxy.sh
|
||||||
|
#echo "export http_proxy=\"http://$proxy:3142\"" > /etc/profile.d/proxy.sh
|
||||||
|
#echo "export https_proxy=\"http://$proxy:3142\"" >> /etc/profile.d/proxy.sh
|
||||||
|
mkdir /root/.docker
|
||||||
|
echo "{
|
||||||
|
\"proxies\":
|
||||||
|
{
|
||||||
|
\"default\":
|
||||||
|
{
|
||||||
|
\"httpProxy\": \"http://$proxy:3142\",
|
||||||
|
\"httpsProxy\": \"http://$proxy:3142\",
|
||||||
|
\"noProxy\": \"*.sns,127.0.0.0/8\"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}" > /root/.docker/config.json
|
||||||
|
echo "http_proxy=\"http://$proxy:3142\"
|
||||||
|
https_proxy=\"http://$proxy:3142\"
|
||||||
|
" >> /etc/default/docker
|
||||||
|
|
||||||
# clear apt cache
|
# clear apt cache
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
|
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get clean
|
DEBIAN_FRONTEND=noninteractive apt-get clean
|
||||||
|
@ -15,52 +15,44 @@ mkdir -p "${VAGRANT_SRC_DIR}/log/"
|
|||||||
export DebugLog="${VAGRANT_SRC_DIR}/log/log-vagrant-$(date +%y-%m-%d-%T)-"
|
export DebugLog="${VAGRANT_SRC_DIR}/log/log-vagrant-$(date +%y-%m-%d-%T)-"
|
||||||
(
|
(
|
||||||
echo "########## ********** Start Vagrant $(date +%D-%T)"
|
echo "########## ********** Start Vagrant $(date +%D-%T)"
|
||||||
#pour la résolution de noms dans /etc/hosts
|
|
||||||
SERVICES_LIST="smtp mail ldap www depot tableur pad webmail sondage garradin test-garradin wiki git agora cloud office cachet quotas"
|
|
||||||
|
|
||||||
# Copie de qques fichiers
|
# Copie de qques fichiers
|
||||||
cp "${VAGRANT_SRC_DIR}/keyboard" /etc/default/keyboard
|
cp "${VAGRANT_SRC_DIR}/keyboard" /etc/default/keyboard
|
||||||
|
|
||||||
sysctl -w net.ipv4.ip_forward=1
|
# gestions sources.list
|
||||||
|
|
||||||
# MAJ et install
|
|
||||||
sed -i -e 's/main.*/main contrib non-free/' /etc/apt/sources.list
|
sed -i -e 's/main.*/main contrib non-free/' /etc/apt/sources.list
|
||||||
if [ -f "${VAGRANT_SRC_DIR}/.apt-mirror-config" ]; then
|
sed -i -e 's/https:/http:/' /etc/apt/sources.list
|
||||||
# pour ceux qui disposent d'un cache apt local et pas la fibre
|
apt-get --allow-releaseinfo-change update
|
||||||
# suffit d'indiquer "host:port" dans le fichier ".apt-mirror-config"
|
|
||||||
. "${VAGRANT_SRC_DIR}/.apt-mirror-config"
|
# Cache APT
|
||||||
sed -i \
|
#DEBIAN_FRONTEND=noninteractive apt-get install -y apt-cacher # apt-cacher-ng does not work well on bullseye
|
||||||
-e "s%s\?://deb.debian.org%://${APT_MIRROR_DEBIAN}%g" \
|
#echo "allowed_hosts = *" >> /etc/apt-cacher/apt-cacher.conf
|
||||||
-e "s%s\?://security.debian.org%://${APT_MIRROR_DEBIAN_SECURITY}%g" \
|
#service apt-cacher restart
|
||||||
-e "s%s\?://archive.ubuntu.com%://${APT_MIRROR_UBUNTU}%g" \
|
DEBIAN_FRONTEND=noninteractive apt-get install -y squid
|
||||||
-e "s%s\?://security.ubuntu.com%://${APT_MIRROR_UBUNTU_SECURITY}%g" \
|
sed -i -e "s/#http_access allow localnet/http_access allow localnet/" /etc/squid/squid.conf
|
||||||
/etc/apt/sources.list
|
echo "cache_dir aufs /var/spool/squid 5000 14 256
|
||||||
|
http_port 3142" >> /etc/squid/squid.conf
|
||||||
|
service squid restart
|
||||||
|
echo "Acquire::http::Proxy \"http://127.0.0.1:3142\";" > /etc/apt/apt.conf.d/01proxy; # utilisation de apt-cacher-ng
|
||||||
|
# Ajouter http://www.squid-cache.org/Doc/config/cache_peer/ à squid pour un proxy upstream
|
||||||
|
|
||||||
|
# Pour le confort de chacun, un customVM.sh optionnel
|
||||||
|
if [ -f "${VAGRANT_SRC_DIR}/customVM.sh" ]; then
|
||||||
|
bash "${VAGRANT_SRC_DIR}/customVM.sh"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get --allow-releaseinfo-change update
|
# MAJ et Install
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get -y upgrade
|
DEBIAN_FRONTEND=noninteractive apt-get -y upgrade
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade
|
DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get install -y apg curl git sudo unzip rsync firefox-esr tcpdump net-tools mousepad wireshark swapspace whois ldap-utils python3-lxc lxc python3-pygraphviz python3-pil python3-yaml imagemagick btrfs-progs # could be with --no-install-recommends
|
DEBIAN_FRONTEND=noninteractive apt-get install -y apg curl git sudo unzip rsync firefox-esr tcpdump net-tools mousepad wireshark swapspace whois python3-lxc lxc python3-pygraphviz python3-pil python3-yaml imagemagick btrfs-progs # could be with --no-install-recommends
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get install -y xfce4 lightdm xfce4-terminal xserver-xorg gitk # needs to install recommends
|
DEBIAN_FRONTEND=noninteractive apt-get install -y xfce4 lightdm xfce4-terminal xserver-xorg gitk # needs to install recommends
|
||||||
|
|
||||||
ssh-keygen -t rsa -b 4096 -N '' <<<$'\ny'
|
ssh-keygen -t rsa -b 4096 -N '' <<<$'\ny'
|
||||||
rsync /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
|
rsync /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
|
||||||
|
|
||||||
# Pour le confort de chacun
|
|
||||||
# Le fihcier .customDocker.sh contient
|
|
||||||
# DEBIAN_FRONTEND=noninteractive apt-get install -y joe
|
|
||||||
# DEBIAN_FRONTEND=noninteractive apt-get install -y emacs
|
|
||||||
# DEBIAN_FRONTEND=noninteractive apt-get install -y vim
|
|
||||||
if [ -f "${VAGRANT_SRC_DIR}/.customDocker.sh" ]; then
|
|
||||||
chmod a+x "${VAGRANT_SRC_DIR}/.customDocker.sh"
|
|
||||||
"${VAGRANT_SRC_DIR}/.customDocker.sh"
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Localisation du $LANG, en par défaut, timezone Paris
|
# Localisation du $LANG, en par défaut, timezone Paris
|
||||||
if [ -z "${HOSTLANG}" ] ; then
|
if [ -z "${HOSTLANG}" ] ; then
|
||||||
HOSTLANG="en_US.UTF-8"
|
HOSTLANG="en_US.UTF-8"
|
||||||
fi
|
fi
|
||||||
echo "Europe/Paris" > /etc/timezone
|
echo "Europe/Paris" > /etc/timezone
|
||||||
ln -sf /usr/share/zoneinfo/Europe/Paris /etc/localtime
|
ln -sf /usr/share/zoneinfo/Europe/Paris /etc/localtime
|
||||||
@ -71,38 +63,33 @@ export DebugLog="${VAGRANT_SRC_DIR}/log/log-vagrant-$(date +%y-%m-%d-%T)-"
|
|||||||
dpkg-reconfigure --frontend=noninteractive locales || true # don't fail for a locales problem
|
dpkg-reconfigure --frontend=noninteractive locales || true # don't fail for a locales problem
|
||||||
update-locale LANG=${HOSTLANG} || true # don't fail for a locales problem
|
update-locale LANG=${HOSTLANG} || true # don't fail for a locales problem
|
||||||
|
|
||||||
|
|
||||||
echo -e "\n #### create user\n"
|
|
||||||
# Creation des utilisateurs
|
# Creation des utilisateurs
|
||||||
|
echo -e "\n #### create user\n"
|
||||||
usermod -p $(mkpasswd --method=sha-512 root) root
|
usermod -p $(mkpasswd --method=sha-512 root) root
|
||||||
useradd -m -s "/bin/bash" -p $(mkpasswd --method=sha-512 debian) debian || true # don't fail if user already exists
|
useradd -m -s "/bin/bash" -p $(mkpasswd --method=sha-512 debian) debian || true # don't fail if user already exists
|
||||||
|
|
||||||
# augmentation de la taille de /run si lowmem
|
|
||||||
#echo "tmpfs /run tmpfs nosuid,noexec,size=26M 0 0" >> /etc/fstab
|
|
||||||
#mount -o remount /run
|
|
||||||
|
|
||||||
# Désactivation de la mise en veille de l'écran
|
# Désactivation de la mise en veille de l'écran
|
||||||
mkdir -p /etc/X11/xorg.conf.d/
|
mkdir -p /etc/X11/xorg.conf.d/
|
||||||
rsync -a "${VAGRANT_SRC_DIR}/10-monitor.conf" /etc/X11/xorg.conf.d/
|
rsync -a "${VAGRANT_SRC_DIR}/10-monitor.conf" /etc/X11/xorg.conf.d/
|
||||||
# mv /etc/xdg/autostart/light-locker.desktop /etc/xdg/autostart/light-locker.desktop.bak
|
# mv /etc/xdg/autostart/light-locker.desktop /etc/xdg/autostart/light-locker.desktop.bak
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y light-locker
|
DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y light-locker
|
||||||
|
|
||||||
#faut virer exim, il fout la grouille avec le docker postfix
|
#faut virer exim, inutile
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y exim4-base exim4-config exim4-daemon-light
|
DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y exim4-base exim4-config exim4-daemon-light
|
||||||
|
|
||||||
#login ssh avec mot de passe
|
#login ssh avec mot de passe
|
||||||
sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/" /etc/ssh/sshd_config
|
sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/" /etc/ssh/sshd_config
|
||||||
if ! grep -q "PasswordAuthentication yes" /etc/ssh/sshd_config 2>/dev/null; then
|
if ! grep -q "PasswordAuthentication yes" /etc/ssh/sshd_config 2>/dev/null; then
|
||||||
echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
|
echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# autorisation du routing et augmentation inotify
|
# autorisation du routing et augmentation inotify
|
||||||
if ! grep -q "net.ipv4.ip_forward" /etc/sysctl.conf 2>/dev/null; then
|
if ! grep -q "net.ipv4.ip_forward" /etc/sysctl.conf 2>/dev/null; then
|
||||||
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
|
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
|
||||||
fi
|
fi
|
||||||
sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/" /etc/sysctl.conf
|
sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/" /etc/sysctl.conf
|
||||||
if ! grep -q "fs.inotify.max_queued_events" /etc/sysctl.conf 2>/dev/null; then
|
if ! grep -q "fs.inotify.max_queued_events" /etc/sysctl.conf 2>/dev/null; then
|
||||||
echo -e "fs.inotify.max_queued_events=1048576\nfs.inotify.max_user_instances=1048576\nfs.inotify.max_user_watches=1048576" >> /etc/sysctl.conf
|
echo -e "fs.inotify.max_queued_events=1048576\nfs.inotify.max_user_instances=1048576\nfs.inotify.max_user_watches=1048576" >> /etc/sysctl.conf
|
||||||
fi
|
fi
|
||||||
sysctl -p
|
sysctl -p
|
||||||
|
|
||||||
@ -128,50 +115,45 @@ EOF
|
|||||||
mkdir -p $(dirname "${TERM_CFG}")
|
mkdir -p $(dirname "${TERM_CFG}")
|
||||||
touch "${TERM_CFG}"
|
touch "${TERM_CFG}"
|
||||||
if ! grep -q "ShortcutsNoMnemonics" "${TERM_CFG}" 2>/dev/null; then
|
if ! grep -q "ShortcutsNoMnemonics" "${TERM_CFG}" 2>/dev/null; then
|
||||||
echo -e "[Configuration]\nShortcutsNoMnemonics=TRUE" >> "${TERM_CFG}"
|
echo -e "[Configuration]\nShortcutsNoMnemonics=TRUE" >> "${TERM_CFG}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo -e "\n #### set swapspace\n"
|
|
||||||
# free swapspace at shutdown
|
# free swapspace at shutdown
|
||||||
|
echo -e "\n #### set swapspace\n"
|
||||||
sed -i -e 's/ExecStart=\/usr\/sbin\/swapspace/ExecStart=\/usr\/sbin\/swapspace\nExecStop=\/usr\/sbin\/swapspace -e/' /lib/systemd/system/swapspace.service
|
sed -i -e 's/ExecStart=\/usr\/sbin\/swapspace/ExecStart=\/usr\/sbin\/swapspace\nExecStop=\/usr\/sbin\/swapspace -e/' /lib/systemd/system/swapspace.service
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
|
|
||||||
# limit journald log size
|
# limit journald log size
|
||||||
mkdir -p /etc/systemd/journald.conf.d
|
mkdir -p /etc/systemd/journald.conf.d
|
||||||
if [ ! -f /etc/systemd/journald.conf.d/sizelimit.conf ]; then
|
if [ ! -f /etc/systemd/journald.conf.d/sizelimit.conf ]; then
|
||||||
cat > /etc/systemd/journald.conf.d/sizelimit.conf <<EOF
|
cat > /etc/systemd/journald.conf.d/sizelimit.conf <<EOF
|
||||||
[Journal]
|
[Journal]
|
||||||
SystemMaxUse=20M
|
SystemMaxUse=20M
|
||||||
SystemMaxFileSize=2M
|
SystemMaxFileSize=2M
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#***********DEBUT CERTIF*******************
|
# CA et certifs avec mkcert
|
||||||
#*****************ATTENTION: MARCHE PAS (il faut accepter toutes les exceptions de sécurité
|
|
||||||
|
|
||||||
echo -e "\n #### mkcert\n"
|
echo -e "\n #### mkcert\n"
|
||||||
# Récupérer mkcert et générer la CA
|
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get install -y libnss3-tools
|
DEBIAN_FRONTEND=noninteractive apt-get install -y libnss3-tools
|
||||||
|
|
||||||
mkdir -p /root/mkcert
|
mkdir -p /root/mkcert
|
||||||
cd /root/mkcert
|
cd /root/mkcert
|
||||||
if [ ! -f mkcert ]; then
|
if [ ! -f mkcert ]; then
|
||||||
wget https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-amd64 -O mkcert
|
wget https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-amd64 -O mkcert
|
||||||
chmod +x mkcert
|
chmod +x mkcert
|
||||||
mkdir -p /etc/letsencrypt/local/
|
mkdir -p /etc/letsencrypt/local/
|
||||||
export CAROOT=/etc/letsencrypt/local/
|
export CAROOT=/etc/letsencrypt/local/
|
||||||
/root/mkcert/mkcert -install # CA dans /etc/letsencrypt/local/
|
/root/mkcert/mkcert -install # CA dans /etc/letsencrypt/local/
|
||||||
cd "${CAROOT}"
|
cd "${CAROOT}"
|
||||||
/root/mkcert/mkcert "*.kaz.sns" # cert et clé dans /etc/letsencrypt/local/
|
/root/mkcert/mkcert "*.kaz.sns" # cert et clé dans /etc/letsencrypt/local/
|
||||||
|
|
||||||
mkdir -p /etc/letsencrypt/live/kaz.sns/
|
mkdir -p /etc/letsencrypt/live/kaz.sns/
|
||||||
ln -s ../../local/_wildcard.kaz.sns.pem /etc/letsencrypt/live/kaz.sns/fullchain.pem
|
ln -s ../../local/_wildcard.kaz.sns.pem /etc/letsencrypt/live/kaz.sns/fullchain.pem
|
||||||
ln -s ../../local/_wildcard.kaz.sns-key.pem /etc/letsencrypt/live/kaz.sns/privkey.pem
|
ln -s ../../local/_wildcard.kaz.sns-key.pem /etc/letsencrypt/live/kaz.sns/privkey.pem
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
#***********FIN CERTIF*******************
|
|
||||||
|
|
||||||
# clear apt cache
|
# clear apt cache
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
|
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get clean
|
DEBIAN_FRONTEND=noninteractive apt-get clean
|
||||||
@ -191,22 +173,16 @@ EOF
|
|||||||
mkfs.btrfs -f /root/btrfs.img
|
mkfs.btrfs -f /root/btrfs.img
|
||||||
echo "/root/btrfs.img /var/lib/lxc btrfs loop 0 0" >> /etc/fstab
|
echo "/root/btrfs.img /var/lib/lxc btrfs loop 0 0" >> /etc/fstab
|
||||||
mount /var/lib/lxc
|
mount /var/lib/lxc
|
||||||
#losetup -f /root/btrfs.img
|
|
||||||
#mount /dev/loop0 /var/lib/lxc
|
|
||||||
sed -i -e "s/template=self.template/template=self.template, bdevtype='btrfs'/" /usr/local/lib/python3.9/dist-packages/backends/LxcBackend.py
|
sed -i -e "s/template=self.template/template=self.template, bdevtype='btrfs'/" /usr/local/lib/python3.9/dist-packages/backends/LxcBackend.py
|
||||||
|
|
||||||
# SNSTER KAZ
|
# SNSTER KAZ
|
||||||
# cp -ar ${VAGRANT_SRC_DIR}/templates /root
|
|
||||||
cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root
|
cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root
|
||||||
|
|
||||||
# crypto keys
|
# crypto keys
|
||||||
cp -ar /etc/letsencrypt /root/snster-kaz/kaz/prod/
|
cp -ar /etc/letsencrypt /root/snster-kaz/kaz/prod/
|
||||||
cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/
|
cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/
|
||||||
|
|
||||||
# On monte le filesystem de kaz-prod dans le /kaz de la VM pour le dév (en nofail)
|
# On lie le filesystem de kaz-prod dans le /kaz de la VM pour le dév
|
||||||
# mkdir /kaz-prod /kaz
|
|
||||||
# echo "overlay /kaz-prod overlay lowerdir=/var/lib/lxc/sr-masters-bullseye/rootfs,upperdir=/var/lib/lxc/kaz-kaz-prod/overlay/delta,workdir=/var/lib/lxc/kaz-kaz-prod/overlay/work,nofail 0 0" >> /etc/fstab
|
|
||||||
# echo "/kaz-prod/kaz /kaz none bind,nofail 0 0" >> /etc/fstab
|
|
||||||
ln -s /var/lib/lxc/kaz-kaz-prod/rootfs/ /kaz-prod
|
ln -s /var/lib/lxc/kaz-kaz-prod/rootfs/ /kaz-prod
|
||||||
ln -s /kaz-prod/kaz /kaz
|
ln -s /kaz-prod/kaz /kaz
|
||||||
|
|
||||||
|
162
init.sh
162
init.sh
@ -1,162 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
### Personalisation de la VM
|
|
||||||
|
|
||||||
cd "$(dirname $0)"
|
|
||||||
|
|
||||||
BOLD='[1m'
|
|
||||||
RED='[0;31m'
|
|
||||||
GREEN='[0;32m'
|
|
||||||
YELLOW='[0;33m'
|
|
||||||
BLUE='[0;34m'
|
|
||||||
MAGENTA='[0;35m'
|
|
||||||
CYAN='[0;36m'
|
|
||||||
NC='[0m' # No Color
|
|
||||||
NL='
|
|
||||||
'
|
|
||||||
|
|
||||||
mkdir -p ./files/kaz/log/ ./files/kaz/download/ ./files/kaz/git/
|
|
||||||
chmod a+rxw ./files/kaz/log/ ./files/kaz/download/ ./files/kaz/git/
|
|
||||||
|
|
||||||
cp Vagrantfile.dist Vagrantfile
|
|
||||||
|
|
||||||
OLD_MEN=$(grep vb.memory Vagrantfile | sed -e 's%.*vb.memory\s*=\s*"\([^"]*\)".*%\1%')
|
|
||||||
OLD_CUPS=$(grep vb.cpus Vagrantfile | sed -e 's%.*vb.cpus\s*=\s*"\([^"]*\)".*%\1%')
|
|
||||||
MEM=$(expr $(head -1 /proc/meminfo | awk '{print $2}') / 4096)
|
|
||||||
CUP=$(expr $(nproc) / 2)
|
|
||||||
|
|
||||||
cat <<EOF
|
|
||||||
${GREEN}${BOLD}
|
|
||||||
MEM: ${OLD_MEN} => ${MEM}
|
|
||||||
CUP: ${OLD_CUPS} => ${CUP}
|
|
||||||
${NC}
|
|
||||||
Update './Vagrantfile'
|
|
||||||
EOF
|
|
||||||
|
|
||||||
sed -i Vagrantfile \
|
|
||||||
-e 's%vb.memory\s*=\s*"[^"]*"%vb.memory = "'${MEM}'"%' \
|
|
||||||
-e 's%vb.cpus\s*=\s*"[^"]*"%vb.cpus = "'${CUP}'"%'
|
|
||||||
|
|
||||||
|
|
||||||
APT_CONF="files/.apt-mirror-config"
|
|
||||||
if [ -f "${APT_CONF}" ]; then
|
|
||||||
. "${APT_CONF}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
### Personalisation d'un cache apt
|
|
||||||
if [ -z "${APT_MIRROR_DEBIAN}" ]; then
|
|
||||||
APT_MIRROR_DEBIAN=$(grep "deb\s.*/debian[^-]" /etc/apt/sources.list | head -1 | sed -e "s%.*deb\s.*://\([^/]*\)/debian.*%\1%")
|
|
||||||
fi
|
|
||||||
if [ -z "${APT_MIRROR_DEBIAN_SECURITY}" ]; then
|
|
||||||
APT_MIRROR_DEBIAN_SECURITY=$(grep "deb\s.*/debian-security" /etc/apt/sources.list | head -1 | sed -e "s%.*deb\s.*://\([^/]*\)/debian-security.*%\1%")
|
|
||||||
fi
|
|
||||||
if [ -z "${APT_MIRROR_UBUNTU}" ]; then
|
|
||||||
APT_MIRROR_UBUNTU=$(grep "deb\s.*://\([^/]*\)/ubuntu" /etc/apt/sources.list | head -1 | sed -e "s%.*deb\s.*://\([^/]*\)/ubuntu.*%\1%")
|
|
||||||
fi
|
|
||||||
if [ -z "${APT_MIRROR_UBUNTU_SECURITY}" ]; then
|
|
||||||
APT_MIRROR_UBUNTU_SECURITY=$(grep "deb\s.*://\([^/]*\)/ubuntu.*-security" /etc/apt/sources.list | head -1 | sed -e "s%.*deb\s.*://\([^/]*\)/ubuntu.*%\1%")
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "${APT_MIRROR_UBUNTU}" ]; then
|
|
||||||
APT_MIRROR_UBUNTU="${APT_MIRROR_DEBIAN}"
|
|
||||||
fi
|
|
||||||
if [ -z "${APT_MIRROR_UBUNTU_SECURITY}" ]; then
|
|
||||||
APT_MIRROR_UBUNTU_SECURITY="${APT_MIRROR_DEBIAN_SECURITY}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
while : ; do
|
|
||||||
cat <<EOF
|
|
||||||
${GREEN}${BOLD}
|
|
||||||
APT_MIRROR_DEBIAN=${APT_MIRROR_DEBIAN}
|
|
||||||
APT_MIRROR_DEBIAN_SECURITY=${APT_MIRROR_DEBIAN_SECURITY}
|
|
||||||
APT_MIRROR_UBUNTU=${APT_MIRROR_UBUNTU}
|
|
||||||
APT_MIRROR_UBUNTU_SECURITY=${APT_MIRROR_UBUNTU_SECURITY}
|
|
||||||
${NC}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
read -p "Update '${APT_CONF}' (ip:port or y/n)? [no] " proxy
|
|
||||||
case "${proxy}" in
|
|
||||||
*:* )
|
|
||||||
APT_MIRROR_DEBIAN=${proxy}
|
|
||||||
APT_MIRROR_DEBIAN_SECURITY=${proxy}
|
|
||||||
APT_MIRROR_UBUNTU=${proxy}
|
|
||||||
APT_MIRROR_UBUNTU_SECURITY=${proxy}
|
|
||||||
;;
|
|
||||||
[YyOo]* )
|
|
||||||
cat > "${APT_CONF}" <<EOF
|
|
||||||
# Generated by $(pwd)$(basename $0)
|
|
||||||
# $(date "+%x %X")
|
|
||||||
|
|
||||||
APT_MIRROR_DEBIAN=${APT_MIRROR_DEBIAN}
|
|
||||||
APT_MIRROR_DEBIAN_SECURITY=${APT_MIRROR_DEBIAN_SECURITY}
|
|
||||||
APT_MIRROR_UBUNTU=${APT_MIRROR_UBUNTU}
|
|
||||||
APT_MIRROR_UBUNTU_SECURITY=${APT_MIRROR_UBUNTU_SECURITY}
|
|
||||||
EOF
|
|
||||||
break;;
|
|
||||||
""|[Nn]* ) break;;
|
|
||||||
* ) echo "Please answer ip:port, yes or no.";;
|
|
||||||
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
|
|
||||||
PROXY_CONF="files/.proxy-config"
|
|
||||||
if [ -f "${PROXY_CONF}" ]; then
|
|
||||||
FTP_PROXY=$(grep "ftp_proxy" "${PROXY_CONF}" | head -1 | sed -e "s%.*ftp_proxy\s*=\s*.*://\(.*\)%\1%")
|
|
||||||
HTTP_PROXY=$(grep "http_proxy" "${PROXY_CONF}" | head -1 | sed -e "s%.*http_proxy\s*=\s*.*://\(.*\)%\1%")
|
|
||||||
HTTPS_PROXY=$(grep "https_proxy" "${PROXY_CONF}" | head -1 | sed -e "s%.*https_proxy\s*=\s*.*://\(.*\)%\1%")
|
|
||||||
fi
|
|
||||||
|
|
||||||
while : ; do
|
|
||||||
cat <<EOF
|
|
||||||
${GREEN}${BOLD}
|
|
||||||
export ftp_proxy=ftp://${FTP_PROXY}
|
|
||||||
export http_proxy=http://${HTTP_PROXY}
|
|
||||||
export https_proxy=https://${HTTPS_PROXY}
|
|
||||||
${NC}
|
|
||||||
EOF
|
|
||||||
read -p "proxy in '${PROXY_CONF}' (ip:port, yes or no)? [no] " proxy
|
|
||||||
case "${proxy}" in
|
|
||||||
*:* )
|
|
||||||
FTP_PROXY=${proxy}
|
|
||||||
HTTP_PROXY=${proxy}
|
|
||||||
HTTPS_PROXY=${proxy}
|
|
||||||
;;
|
|
||||||
[yY]*|[Oo]* )
|
|
||||||
cat > "${PROXY_CONF}" <<EOF
|
|
||||||
# Generated by $(pwd)$(basename $0)
|
|
||||||
# $(date "+%x %X")
|
|
||||||
|
|
||||||
export ftp_proxy=ftp://${FTP_PROXY}
|
|
||||||
export http_proxy=http://${HTTP_PROXY}
|
|
||||||
export https_proxy=https://${HTTPS_PROXY}
|
|
||||||
EOF
|
|
||||||
break;;
|
|
||||||
""|[Nn]* ) break;;
|
|
||||||
* ) echo "Please answer ip:port, yes or no.";;
|
|
||||||
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
CUSTOM_CONF=files/.customDocker.sh
|
|
||||||
echo
|
|
||||||
if [ -f "${CUSTOM_CONF}" ]; then
|
|
||||||
OLD_EDITOR=$(grep install "${CUSTOM_CONF}" | grep "\(joe\|emacs\|vim\)" | head -1 | sed -e "s%.*\(joe\|emacs\|vim\).*%\1%")
|
|
||||||
fi
|
|
||||||
while : ; do
|
|
||||||
read -p "Choose editor in '${CUSTOM_CONF}' (joe, emacs, vim or no)? [${GREEN}${BOLD}${OLD_EDITOR}${NC}] " editor
|
|
||||||
case "${editor}" in
|
|
||||||
joe|emacs|vim )
|
|
||||||
if [ ! -f "${CUSTOM_CONF}" ]; then
|
|
||||||
echo "#!/bin/bash" > "${CUSTOM_CONF}"
|
|
||||||
fi
|
|
||||||
chmod a+x "${CUSTOM_CONF}"
|
|
||||||
if ! grep -qw "${editor}" "${CUSTOM_CONF}" 2> /dev/null ; then
|
|
||||||
echo "DEBIAN_FRONTEND=noninteractive apt-get install -y ${editor}" >> "${CUSTOM_CONF}"
|
|
||||||
echo "rsync -a /vagrant/files/.emacs* /root/" >> "${CUSTOM_CONF}"
|
|
||||||
fi
|
|
||||||
break;;
|
|
||||||
""|[Nn]* ) break;;
|
|
||||||
* ) echo "Please answer joe, emacs, vim or no.";;
|
|
||||||
esac
|
|
||||||
done
|
|
Loading…
Reference in New Issue
Block a user